1. Field of the Invention
This invention pertains generally to network devices and more particularly to controlling access to commands used for, e.g., the troubleshooting and debugging of network devices.
2. Description of the Related Art
Currently, different levels of privilege are granted to groups of users in a hierarchical allocation of administrative commands, each group having a common password. For example, as shown in FIG. 1, low-level administrators may be able to use a basic group 101 of commands for the basic management of a particular network device. Typically, such commands would include a “show” command for determining configuration states of network devices. All administrators who are involved with the day-to-day management of that device will know the password appropriate for basic command group 101.
A more restricted number of people will know the password for an “execute” command group 102, which will allow additional commands for the day-to-day operation of network devices.
An even smaller group will have the password for “configuration” command group 103, which includes commands for configuring network devices. Permission to use configuration command group 103 may be assigned, for example, to one or more network administrators. Command group 103 may also include basic troubleshooting and debugging commands for network devices. Collectively, command groups 101, 102 and 103 can control files that are sometimes referred to herein as “functional” software.
Engineering command group 106 includes commands for developing, troubleshooting and debugging the functional software. Accordingly, engineering command group 106 is used to control files such as debugging software that is used during the development of the functional software and is often shipped to customers with the functional software. In an ideal world, the functional software would work perfectly at all times, regardless of a customer's actions, and engineering command group 106 would not be needed after the functional software was shipped to a customer. In the real world, however, engineering command group 106 and the associated debugging software are needed to perform special operations, such as debugging the software code that controls customers' network devices.
Existing methods for granting access to engineering command group 106 and the debugging software have at least two general problems. First, there is the category of problems associated with granting access to commands that can, when used by a typical network administrator, cause a network device to malfunction. For example, allowing a typical customer to use engineering command group 106 could cause problems in an otherwise fully operational network device. This is true in part because only the developers of the underlying software will have the expertise necessary to debug this software. Therefore, the commands of engineering command group 106 are preferably not accessible by anyone unfamiliar with the development process of that software.
If engineering command group 106 and the debugging software are installed in a network device, the debugging software will be available when high-level troubleshooting and debugging are required. However, if engineering command group 106 and the associated debugging software are shipped with the functional software, a customer may find a way to use engineering command group 106. For example, customers may determine how to use a “root” account that includes permission to use commands of engineering command group 106 that should not be used by a customer. If the customer uses commands from engineering command group 106 but cannot determine how to use these commands properly, this may cause network problems and customer dissatisfaction.
The other general category of problems arises because the debugging software is used during development of the functional software and therefore includes confidential information regarding the development of the network device, the functional software, etc. Therefore, if the debugging software is shipped with a network device, this confidential information will be accessible to those who are sophisticated enough to access it. This is true even if access to the debugging software is disabled (e.g., by denying access to engineering command group 106), because such confidential information is still accessible to those who know how to access it.
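The following sketch is an added illustration, not part of the original text. It models the shared-password command hierarchy of FIG. 1 and shows that disabling engineering command group 106 blocks its commands while the debugging files stay in the shipped image. The command names other than “show”, the passwords, the file paths, and the assumption that a higher group's password also unlocks the lower groups are all constructed for the example.

```python
import hmac
from dataclasses import dataclass

# Group numbers follow FIG. 1, lowest privilege first.
# Assumption: a higher group's password also unlocks every lower group.
GROUPS = [101, 102, 103, 106]

# Constructed sample data. Only "show" is named in the text.
COMMAND_GROUP = {"show": 101, "reload": 102, "set-interface": 103, "dump-heap": 106}
GROUP_PASSWORD = {101: "basic-pw", 102: "exec-pw", 103: "config-pw", 106: "eng-pw"}


@dataclass(frozen=True)
class ImageFile:
    path: str   # constructed path inside the shipped software image
    group: int  # command group that controls this file


# Constructed image manifest: functional software plus debugging software.
IMAGE = [
    ImageFile("/bin/forwarder", 103),
    ImageFile("/debug/trace-tool", 106),
    ImageFile("/debug/symbols.map", 106),
]


def level_for(password):
    """Return the group whose shared password matches, or None."""
    for group, stored in GROUP_PASSWORD.items():
        if hmac.compare_digest(stored, password):
            return group
    return None


def authorize(password, command, disabled=frozenset()):
    """Allow a command if the password's group is at or above the command's group."""
    group = COMMAND_GROUP.get(command)
    level = level_for(password)
    if group is None or level is None or group in disabled:
        return False
    return GROUPS.index(level) >= GROUPS.index(group)


def residual_exposure(image, disabled):
    """List files still present in the image although their command group is disabled."""
    return sorted(f.path for f in image if f.group in disabled)
```
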
It would be desirable to have engineering command group 106 and the associated debugging software available when needed, but not otherwise. Moreover, it would be desirable to preclude access to the confidential information that is typically part of the debugging software.